Securing your wallet: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Casascius (talk | contribs)
Furunodo (talk | contribs)
m backingup
 
(91 intermediate revisions by 36 users not shown)
Line 1: Line 1:
#REDIRECT [[Storing bitcoins]]
{{merge|Ways_to_store_Bitcoins}}
==Introduction==
==Introduction==


Line 8: Line 13:
# Making a new secure wallet, using appropriate long-term protection.
# Making a new secure wallet, using appropriate long-term protection.


''For a brief overview see also: [[Wallet Security Dos and Don'ts (Windows)|Wallet Security Dos and Don'ts]]''
''For a brief overview see also: [[Wallet Security Dos and Don'ts|Wallet Security Dos and Don'ts]]''
 
==Cold wallets==
 
A cold wallet generates and stores private wallet keys offline on a clean [https://en.wikipedia.org/wiki/Air_gap_(networking) air-gapped] computer. Unsigned transactions are generated online, transferred offline for verification and signing, and the signed transaction is transferred online to be transmitted to the Bitcoin network.
 
This allows funds to be managed offline in [[Cold storage]]. Used correctly a cold wallet is protected against online threats, such as viruses and hackers. Cold wallets are similar to hardware wallets, except that a general purpose computing device is used instead of a special purpose peripheral.
 
==Hardware wallets==
 
Main page: [[Hardware wallet]]
 
[[Hardware wallet]]s are special purpose security hardened devices for storing Bitcoins on a peripheral that is trusted to generate wallet keys, verify and sign transactions.
 
A [[hardware wallet]] typically holds the private keys in its internal storage and is designed to be malware resistant. The device signs the transactions internally and only transmits the signed transactions to the computer. The separation of the private keys from the vulnerable environment allows the user to spend bitcoins on a compromised computer with reduced risk.
 
==Multisignature wallets==
 
A multisignature wallet is one where multiple private keys are required to move the bitcoins instead of a single key. These private keys can be spread across multiple machines with the assumption that malware and hackers are unlikely to simultaneously infect your laptop, desktop and smartphone. The multisig wallet can be of the m-of-n type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a laptop, smartphone and paper backup; any two of those are required to move the money but the loss of any one does not result in loss of money.
 
Multisignature wallets have the advantage of being cheaper than hardware wallets since they are implemented in software and can be downloaded for free, as well as being convenient as all keys are online and the wallet user interfaces are typically good. Wallet software [[Electrum]] and [[Armory]] can create multisig wallets.
 
Further reading: [[Multisignature]]


==Paper Wallets==
See also: http://docs.electrum.org/en/latest/multisig.html
[[Paper wallet]]s are a fairly simple way to store Bitcoins without needing a computer. It also puts them outside the reach of hackers and computer viruses.


"Storing" bitcoins is a little bit of a misnomer - what you are actually "storing" is a sequence of secret numbers that is used to prove your right to spend the Bitcoins you have received.  This secret number is called a [[private key]].  The most common way to write a private key is as a sequence of fifty-one alphanumeric characters.
==Hot wallets: minimizing risks==


One way you can print a paper wallet is at the website [[Bitaddress.org]].  This website features a free client-side paper wallet generator written in Javascript. This generator can be saved as a file and used on an offline computer.  Using it online is relatively safe, but not airtight unless you take a couple of extra precautions to ensure your keys are not stolen by spyware.
An Internet connected computer that stores your Bitcoins is often referred to as a "hot wallet". Though there are several things that can be done to lower the threat, hot wallets are unavoidably risky.  


To generate a safe paper wallet, you need to "clean-boot" your computer with a bootable CD (such as a Linux Live CD), with your computer not connected to the internet, to ensure that you do not have any active spyware that might steal the private keys you generate.  Disconnecting from the Internet allows you to confirm that the paper wallet generator is truly self-contained and isn't depending on communication with a remote server. Run the saved paper wallet generator in a web browser, print your paper wallets (do not save them on the computer), and then shut down the computer.  You may need to load an appropriate printer driver in order to print while booted from the Live CD.
Modern operating systems are highly complexity, leading to a large attack surface. They also constantly leak information without the user’s knowledge or consent. It is very hard to ensure your wallet is  secure on an Internet connected computer.  


A paper wallet lists multiple Bitcoin addresses and the corresponding "private key".  You can send Bitcoins to any address on the page, and they will be inaccessible until the private key is loaded back onto a computer.  The Bitcoin software does not yet have a built-in way to load private keys, but you can use the "Add Funds" - "Private key" screen at [[MtGox]] to recover digital coins from a private key. Coins are deposited in your MtGox account and can be sent out of MtGox shortly thereafter.
For low value wallets, the risk may be acceptable but it is recommended not to keep more in a hot wallet than you can afford to lose. For sums beyond that use one of the more secure methods above (e.g.,.


Remember that spyware and viruses often attempt to monitor you in order to commit theft.  If your computer is infected with spyware or viruses - even if there are no symptoms or your antivirus isn't reporting anything - then anything you type, view, or save on your computer could potentially be stolen by someone remotely controlling your computer.  Paper wallets isolate you from much of this risk.  Only enter a Bitcoin private key into your computer when your intent is to redeem its value ''immediately''.
To minimize risk, take care that the system is free of malware, viruses, keyloggers, remote access tools, and other tools that may be used to make remote copies of your wallet, Bitcoin-related passwords, or Bitcoin private keys. When your computer is compromised, the precautions taken below may provide additional protection.


==Securing an online wallet with the Bitcoin software==
===Securing the Bitcoin-Qt or bitcoind wallet===


Bitcoin transactions send Bitcoins to a specific public key. A Bitcoin address is an encoded hash of a public key. In order to use received Bitcoins, you need to have the private key matching the public key you received with. This is sort of like a super long password associated with an account (the account is the public key). Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever.
Bitcoin transactions send Bitcoins to a specific public key. A Bitcoin address is an encoded hash of a public key. In order to use received Bitcoins, you need to have the private key matching the public key you received with. This is sort of like a super long password associated with an account (the account is the public key). Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever.
Line 33: Line 59:
The situation is made somewhat more confusing because the receiving addresses shown in the UI are not the only keys in your wallet. Each Bitcoin generation is given a new public key, and, more importantly, each sent transaction also sends some number of Bitcoins back to yourself at a new key. When sending Bitcoins to anyone, you generate a new keypair for yourself and simultaneously send Bitcoins to your new public key and the actual recipient's public key. This is an anonymity feature – it makes tracking Bitcoin transactions much more difficult.
The situation is made somewhat more confusing because the receiving addresses shown in the UI are not the only keys in your wallet. Each Bitcoin generation is given a new public key, and, more importantly, each sent transaction also sends some number of Bitcoins back to yourself at a new key. When sending Bitcoins to anyone, you generate a new keypair for yourself and simultaneously send Bitcoins to your new public key and the actual recipient's public key. This is an anonymity feature – it makes tracking Bitcoin transactions much more difficult.


So if you create a backup, do more than 100 things that cause a new key to be used, and then restore from the backup, some Bitcoins will be lost. Bitcoin has not deleted any keys (keys are never deleted) – it has created a new key that is not in your old backup and then sent Bitcoins to it.
So if you create a backup, and then do more than 100 things that cause a new key to be used, and then restore from the backup, some Bitcoins will be lost. Bitcoin has not deleted any keys (keys are never deleted) – it has created a new key that is not in your old backup and then sent Bitcoins to it. A backup is therefore recommended roughly every 50 transactions (or address creations) just to be safe.


== Making a new wallet ==
=== Importance of security updates===


In the case that a wallet has been distributed, or stored, in a (real or potential) compromised state, it is wise to create a new wallet and transfer the full balance of Bitcoins to an address contained only in the newly created wallet.
No software is perfect, and from time to time there may be security vulnerabilities found in your Bitcoin client as well.
Be sure you keep your client updated with the latest bug fixes, especially when a new vulnerability is discovered.
We maintain a [[CVEs|list a known vulnerabilities]] on this wiki - you can watch that page to get updates.
Note that you ''don't'' need to be running the latest major client version: some clients, including the popular Bitcoin-Qt, have older versions available with bugfix-only updates.


For example, this will be necessary if one created a wallet with a password of 12 characters, as suggested. However a few years have passed and the wallet is now more easily compromised.  Just re-encrypting isn't secure.  One needs to make a new wallet and make the old wallet worthless (spending the funds to the new wallet).
=== Making a new Bitcoin-Qt or bitcoind wallet ===


==Making a secure workspace==
If a wallet or an encrypted wallet's password has been compromised, it is wise to create a new wallet and transfer the full balance of bitcoins to addresses contained only in the newly created wallet. Examples of ways a wallet may be compromised are through password re-use, minimal strength passwords, computer hack or virus attack.


===Linux===
There are a number of ways to create a new wallet with Bitcoin-Qt or bitcoind but this is a process that has been tested with bitcoind 0.6.3. We use the copy command to minimize the chance of any data loss but you are warned to make backups of any wallet.dat that holds a balance for you.


The first step is to make a [http://www.howtogeek.com/howto/ubuntu/add-a-user-on-ubuntu-server/ new user,] so run:
:1. Shut down the Bitcoin program.
:2. Find and make a backup of the "compromised" wallet.dat file and rename it, perhaps adding a short description:
:::wallet.dat ->  wallet-compromised.dat
:Depending on your OS, the wallet file will be located at:
:::Windows: %APPDATA%\Bitcoin\
:::Linux: ~/.bitcoin/
:::Mac: ~/Library/Application Support/Bitcoin/
:3. Start the Bitcoin program and it will create a new wallet.dat. You may then encrypt the wallet as desired and make a new backup.
:4. Once you've made a new wallet, you can obtain one or more addresses and copy them into a text editor. After obtaining the new address(es), shut down the Bitcoin program, make a backup of the new wallet.dat file and copy it to a new file named wallet-new.dat.
:5. Copy the wallet-compromised.dat file back to wallet.dat, start the Bitcoin program and transfer your balance to the new address(es) you put in your text editor. Once the balance is back to 0 for your compromised wallet, you may want to wait a couple minutes or for a confirmation or check block explorer to be sure the transactions have been broadcasted. Then you may shut down the Bitcoin program.
:6. Rename wallet.dat to wallet-compromised.dat.
:7. Rename wallet-new.dat to wallet.dat.


<code>adduser new_user_name</code>
You should now have a new wallet with all the bitcoins from the old wallet.


as root. When you get to the prompt 'Enter the new value, or press ENTER for the default', just keep hitting ENTER.
===Debian-based Linux===


Then switch user to the new user.  To get to the new user you can use the switch user icon for your system, which on Ubuntu is in the 'System/Quit' screen, or if there is no switch icon on your system you can log out and log back in as the new user.  Then click on a folder in the new user to display the file browser, then keep going up folders until you see the new user home directory, then right click to bring up the Properties dialog, then click on the Permissions tab, then in the Others section, set the folder access to None.
==== Store all into an encrypted folder (Tomb) ====


For secure browsing, open Firefox, and then go into the Edit menu and click Preferences.  Starting from the left, click on the General tab, and in the 'Startup/When Firefox starts' pop up menu, choose 'Show a Blank Page'.  Then click on the Content tab, and deselect 'Load images automatically' and deselect 'Enable Javascript'.  Then click on the Privacy tab, and in the 'History/Firefox will' pop up menu, choose 'Never remember history'. Then click on the Security tab, and in the Passwords section, deselect 'Remember passwords for sites' and deselect 'Use a master password'.  Then click on the Advanced tab, then click on the Update tab, and then in the 'Automatically check for updates to' section, deselect 'Add-ons' and 'Search Engines'.
Tomb is a simple tool to manage encrypted storage on GNU/Linux. Among its features are bind-hooks to set up a tomb's contents in the place where other programs expect them, for example in our case mount -o bind the .bitcoin directory in a user's home.


When javascript is disabled, the [http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/bitcoin-0.3.23-linux.tar.gz/download linux download page] will not download automatically, so you'll have to click on the 'direct link' part of the "Problems with the download? Please use this 'direct link' or try another mirror." line.
First install tomb from https://files.dyne.org/tomb (homepage is on http://www.dyne.org/software/tomb)


After you've made your secure new user, to maintain security you should use it only for bitcoin.
Among the requirements: zsh, cryptsetup, pinentry-curses, gnupg, sudo.


It's also a good idea to encrypt the Home directory of whatever user you run Bitcoin under using ecryptfs-utils. To do this:
Recommended: wipe, dcfldd, steghide, qrencode.
# If the Home directory is not empty you should back it up first, by just copying the data to an external drive or something.
# install ecryptfs-utils (on Ubuntu: sudo apt-get install ecryptfs-utils)
# log out of X (graphical system) and press Ctrl+Alt+F1 to login to the command shell (you must be logged out or some files will be open and the tool won't be able to encrypt your data)
# change directory to something that's not in your home folder (ex: cd / )
# run the migration tool (on Ubuntu: sudo ecryptfs-migrate-home -u username)
# if it's successful, you can now press ALT+F8 to go back to the GUI and login
# run 'ecryptfs-unwrap-passphrase' and '''WRITE DOWN OR SAVE THE CODE IT RETURNS''' because you will need it if you ever have to pull your data off while the OS is not working. (You can run it again later if you need to, but run it now so that you can get your data if your Linux install gets botched.)
# run 'ecryptfs-setup-swap' to encrypt your swap partition (the encrypted folder data is not encrypted while it's in memory, and so if it's ever sent to the swap partition it can be stolen from there unless that too is encrypted - be aware that this will mean you cannot use Hibernate anymore, as the bootloader won't be able to restore the hibernation data)
(instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/#Migrate])


===Mac===
Then create a tomb (we name it bitcoin) with three commands:


=====Backup all data (1000MB)=====
<code>tomb dig -s 100 bitcoin.tomb</code>
Follow these instructions to backup all the bitcoin data (wallet and block chains) to an encrypted disk image.
# Open Disk Utility
# Click New Image and choose 1000MB, 128-bit or 256-bit (faster or more secure) encryption and single partition.
# Save it somewhere you won't lose it (like your Wuala, Dropbox, Strongspace or whatever)
# Choose a safe and strong password
# Move everything from ~/Library/Application Support/Bitcoin/ to the image
# Symlink it back so the app would be able to use it
:::ln -s /Volumes/Bitcoin ~/Library/Application Support/Bitcoin


Don't forget to mount your image before using Bitcoin and unmount after quitting it.
<code>tomb forge bitcoin.tomb.key</code>


=====Backup just wallet.dat (40MB)=====
<code>tomb lock  bitcoin.tomb -k bitcoin.tomb.key</code>
Follow these instructions to backup just the wallet.dat file. This results in a smaller disk image, but it's more complicated to do.
# Open Disk Utility
# Click New Image and choose 40MB, 128-bit or 256-bit (faster or more secure) encryption and single partition.
# Save it somewhere you won't lose it (like your Wuala, Dropbox, Strongspace or whatever)
# Choose a safe and strong password
# Move your wallet.dat file to the image
# Symlink it back so the app would be able to use it
:::ln -s /Volumes/Bitcoin/wallet.dat ~/Library/Application Support/Bitcoin/wallet.dat


[[File:MountWalletAndLauchnBitcoin_OSX_Automator.png|thumbnail|150px|Mount Wallet and launch Bitcoin]]
Then open it
Don't forget to mount your image before using Bitcoin and unmount after quitting it.


'''Note''': If you start the Bitcoin application without having the image mounted, the application will overwrite your symlink with a new wallet. If that happens, don't panic. Just delete the new wallet.dat, mount the image, and recreate the symlink like above.
<code>tomb open bitcoin.tomb</code>


'''Automation''': You can create a small application using [http://en.wikipedia.org/wiki/Automator_%28software%29 Automator] (included in OS X) to automatically mount the wallet and then launch Bitcoin App. See the Screenshot on how to do this.
This will require you to input again the password you selected.


If one ''doesn't'' want to use encrypted Disk images, then a '''small shell script''' can be used instead that takes care of decrypting the wallet, launching bitcoin client, and encrypting it after the client exits. This script works on both OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh bitcoin-launch-script]
Once open the tomb contents are in /media/bitcoin.tomb


===Windows===
Move there your bitcoin wallet:


If you are using Windows XP or Windows 7, you can keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial).  You can probably do the same with Windows Vista or Windows 2000. 
<code>mv ~/.bitcoin /media/bitcoin.tomb/my-safe-wallet</code>


'''NOTE:''' You should configure Bitcoin in this manner only on computers where you use Bitcoin, but do not use that computer to mine. For example, this is a good configuration for a notebook or tablet computer.
Then create a file "/media/bitcoin.tomb/bind-hooks" and put a single line:


Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.
<code>my-safe-wallet    .bitcoin</code>


<p><b>To mount the Bitcoin data directory on an encrypted drive</b></p>
Which means that every time the tomb is open, the directory my-safe-wallet needs to be bound to ~/.bitcoin. Just make sure an empty ~/.bitcoin directory exists in your home.
<ol start=1 type=1>
<li>Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 100 MB in size.</li>
<li>Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.
<p>For help finding this directory, see <b>[[Securing_your_wallet#Locating_Bitcoin_s_data_directory|Locating Bitcoin's Data Directory]]</b>.</p></li>
<li>Create a Windows shortcut that starts Bitcoin with the <code>-datadir</code> parameter and specifies the encrypted drive and directory.
<p>For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as <code>E:\</code>, and stored your Bitcoin data directory on it as <code>Bitcoin</code>, you would type the following command as the shortcut Target:</p>
<blockquote><code>C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin</code></blockquote></li>
<li>Open Bitcoin's settings and configure it <b>NOT</b> to start automatically when you start Windows.
<p>This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.</p></li>
<li>Shut down Bitcoin, and then restart it from the new shortcut.</li>
</ol>


After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created, so that it can find its data and your wallet. :-)
Now close the tomb and store its keys safely, make sure you memorize the password. Have a look at Tomb's documentation, there is a number of things you can do like steganography or printing out keys on a paper to hide and such.


== Locating Bitcoin's data directory ==
That's it. Every time you like to access your wallet open the tomb and the .bitcoin will be in place. One can also store the bitcoin binary inside the tomb and even start the bitcoin client using the exec-hooks. Tomb's manual page "man tomb" explains the possibilities.


The [[data directory]] is the location where Bitcoin's data files are stored, including the wallet data file.
The advantage of this approach over an encrypted home is that it becomes extremely portable across computers and even online shells: a Tomb is just a file and its key can be stored far away, on different shells, usb sticks or mobile phones.


=== Windows ===
==== Secure the whole user home directory ====
The first step is to make a [http://www.howtogeek.com/howto/ubuntu/add-a-user-on-ubuntu-server/ new user]. In order for that new user to have an encrypted home directory, you'll first need the encryption utility. Run:


Go to Start -> Run (or press WinKey+R) and run this:
<code>sudo apt-get install ecryptfs-utils</code>


explorer %APPDATA%\Bitcoin
Now you're ready to create a new user


Bitcoin's data folder will open. For most users, this is the following locations:
<code>sudo adduser --encrypt-home new_user_name</code>


C:\Documents and Settings\YourUserName\Application data\Bitcoin (XP)
You'll need to come up with a [[#Choosing_A_Strong_Password|secure]] new password for that user.
C:\Users\YourUserName\Appdata\Roaming\Bitcoin (Vista and 7)


"AppData" and "Application data" are hidden by default.
When you get to the prompt 'Enter the new value, or press ENTER for the default', just keep hitting ENTER.


=== Linux ===
Then switch user to the new user.  To get to the new user you can use the switch user icon for your system, which on Ubuntu is in the 'System/Quit' screen, or if there is no switch icon on your system you can log out and log back in as the new user.


By default Bitcoin will put its data here:
Since the home folder of this user is encrypted, if you're not logged in as that user, data that is saved there can't be browsed, even by a root user. If something goes wrong with your system, and you need to decrypt the new user's files, you'll need its decryption key.


~/.bitcoin/
<code>ecryptfs-unwrap-passphrase</code>


You need to do a "ls -a" to see directories that start with a dot.
It will ask you for your user's password and give you the decryption key. '''WRITE DOWN OR SAVE THE CODE IT RETURNS''' because you will need it if you ever have to pull your data off while the OS is not working. (You can run it again later if you need to, but run it now so that you can get your data if your Linux install gets botched.)


If that's not it, you can do a search like this:
The encrypted folder data is not encrypted while it's in memory, and so if it's ever sent to the swap partition it can be stolen from there unless that too is encrypted - be aware that this will mean you cannot use Hibernate anymore, as the bootloader won't be able to restore the hibernation data.


find / -name wallet.dat -print 2>/dev/null
<code>ecryptfs-setup-swap</code>


=== Mac ===
Then click on a folder in the new user to display the file browser, then keep going up folders until you see the new user home directory, then right click to bring up the Properties dialog, then click on the Permissions tab, then in the Others section, set the folder access to None.


By default Bitcoin will put its data here:
For secure browsing, open Firefox, and then go into the Edit menu and click Preferences.  Starting from the left, click on the General tab, and in the 'Startup/When Firefox starts' pop up menu, choose 'Show a Blank Page'.  Then click on the Content tab, and deselect 'Load images automatically' and deselect 'Enable JavaScript'.  Then click on the Privacy tab, and in the 'History/Firefox will' pop up menu, choose 'Never remember history'.  Then click on the Security tab, and in the Passwords section, deselect 'Remember passwords for sites' and deselect 'Use a master password'.  Then click on the Advanced tab, then click on the Update tab, and then in the 'Automatically check for updates to' section, deselect 'Add-ons' and 'Search Engines'.


~/Library/Application Support/Bitcoin/
When JavaScript is disabled, the [http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/bitcoin-0.3.23-linux.tar.gz/download Linux download page] will not download automatically, so you'll have to click on the 'direct link' part of the "Problems with the download? Please use this 'direct link' or try another mirror." line.


==Backup==
===Mac===
This solution '''does not scale'''; the amount of needed space can grow beyond the image size.


'''Note''': I would strongly recommend against using a service like Dropbox to back up your Bitcoin data due to [http://en.wikipedia.org/wiki/Dropbox_(service)#Criticism security concerns] such as:
===Windows===
# the fact that they store your encryption key (meaning that a disgruntled Dropbox employee or an attacker who gained access to the system could decrypt your Dropbox data and steal your Bitcoins)
# the fact that the Dropbox client only needs a password for the first login. After it authenticates once, the server assigns it a token which it uses to show that, at one time, its user knew the password rather than sending the actual password (meaning that if you ever use the Dropbox client on another PC, that PC's users can access your Dropbox - even if you change your password - and can steal your Bitcoins or get a virus that will steal your Bitcoins).


For these reasons, I personally prefer to use Wuala, which does not store your encryption key and requires a password each time (the client can be set to remember your password, but the server will check each time to make sure that the client is sending the correct password). Like Dropbox, the basic, lowest-storage-space account with Wuala is free of charge, and coincidentally, Wuala [http://www.wuala.com/en/bitcoin is experimenting with allowing users to pay for "upgraded" plans using Bitcoin.]
Due to the frequency with which Windows computers are compromised, it is advised to encrypt your wallet or to keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial). This also applies to the storage of passwords, private keys and other data that can be used to access any of your Bitcoin balances.


In fact, whether you use Dropbox as your backup or not, use what Steve Gibson calls "pre-Internet encryption" (which he actually [http://itknowledgeexchange.techtarget.com/security-corner/cloud-security-and-privacy-do-they-exist/ discussed in the context of Dropbox's security concerns]) and use some form of encryption on the files before you back them up, just in case someone other than yourself ever gains access to that backup. Make sure to pick a password that's memorable but secure.
Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.


The only file you need to back up is "wallet.dat". Ensure that Bitcoin is closed, copy this file somewhere else, encrypt it, and put it somewhere safe. Ideally, you would put this file in two places: one nearby, and one 100+ miles away.
<p><b>To mount the Bitcoin data directory on an encrypted drive</b></p>
<ol start=1 type=1>
<li>Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 5GB in size. This procedure stores the entire block chain database with the wallet.dat file so the required size of the encrypted disk image required may grow in the future.</li>
<li>Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.
<p>For help finding this directory, see <b>[[Securing_your_wallet#Locating_Bitcoin_s_data_directory|Locating Bitcoin's Data Directory]]</b>.</p></li>
<li>Create a Windows shortcut that starts Bitcoin with the <code>-datadir</code> parameter and specifies the encrypted drive and directory.
<p>For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as <code>E:\</code>, and stored your Bitcoin data directory on it as <code>Bitcoin</code>, you would type the following command as the shortcut Target:</p>
<blockquote><code>C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin</code></blockquote></li>
<li>Open Bitcoin's settings and configure it <b>NOT</b> to start automatically when you start Windows.
<p>This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.</p></li>
<li>Shut down Bitcoin, and then restart it from the new shortcut.</li>
</ol>
 
After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created, so that it can find its data and your wallet.


You can use the [[api|backupwallet]] JSON-RPC command to back up without shutting down Bitcoin.


=== General Solutions ===
=== General Solutions ===


Your wallet.dat file is not encrypted by Bitcoin. Anyone who can access it can easily steal all of your coins. Use one of these encryption programs if there is any chance someone might stumble upon your wallet.
Your wallet.dat file is not encrypted by the Bitcoin program by default but the most current release of the Bitcoin client provides a method to encrypt with a passphrase the private keys stored in the wallet. Anyone who can access an unencrypted wallet can easily steal all of your coins. Use one of these encryption programs if there is any chance someone might gain access to your wallet.
* [http://www.7-zip.org/ 7-zip] - Supports strongly-encrypted archives.
* [http://www.7-zip.org/ 7-zip] - Supports strongly-encrypted archives.
* [http://www.axantum.com/axcrypt/ AxCrypt by Axantum]
* [http://www.axantum.com/axcrypt/ AxCrypt by Axantum]
* [http://lrzip.kolivas.org lrzip] - Compression software for Linux and OSX that supports very high grade password protected encryption
* [http://lrzip.kolivas.org lrzip] - Compression software for Linux and OSX that supports very high grade password protected encryption
* [http://www.truecrypt.org/ TrueCrypt] - Volume-based on-the-fly encryption (for advanced users)
* [http://www.truecrypt.org/ TrueCrypt] - Volume-based on-the-fly encryption (for advanced users)
* [http://www.rarlab.com/ WinRar] - Commonly used archive software that supports verification records and encryption.


There is also a list of [[OpenSourceEncryptionSoftware|open source encryption software.]]
There is also a list of [[OpenSourceEncryptionSoftware|open source encryption software.]]
Line 189: Line 201:
Decrypting and encrypting the wallet.dat every time you start or quit the Bitcoin client can be ''tedious'' (and outright error-prone). If you want to keep your wallet encrypted (except while you're actually running the Bitcoin client), it's better to relegate the automation to a [http://lorelei.kaverit.org/bitcoin.sh small shell script] that handles the en/decryption and starting up Bitcoin client for you (Linux and OSX).  
Decrypting and encrypting the wallet.dat every time you start or quit the Bitcoin client can be ''tedious'' (and outright error-prone). If you want to keep your wallet encrypted (except while you're actually running the Bitcoin client), it's better to relegate the automation to a [http://lorelei.kaverit.org/bitcoin.sh small shell script] that handles the en/decryption and starting up Bitcoin client for you (Linux and OSX).  


There is also a method to Print out and encrypt your Wallet.dat as a special barcode. See details here: [[WalletPaperbackup]]
There is also a method to print out and encrypt your wallet.dat as a special, scannable code. See details here: [[WalletPaperbackup]]


==== Password Strength ====
==== Password Strength ====
Brute-force password cracking has come a long way. A password of random [a-Z] [0-9] [!-~] of 8 characters long was previously thought secure but can be trivially solved now (using appropriate hardware). The recommended length is '''at least''' 12 characters long.  You can also use a multi-word password. [http://www.baekdal.com/tips/password-security-usability The Usability of Passwords]  
Brute-force password cracking has come a long way. A password including capitals, numbers, and special characters with a length of 8 characters can be trivially solved now (using appropriate hardware). The recommended length is '''at least''' 12 characters long.  You can also use a multi-word password and there are techniques to increase the strength of your passwords without sacrificing usability. [http://www.baekdal.com/tips/password-security-usability The Usability of Passwords]  


However, simply using dictionary words is also insecure as it opens you up to a dictionary attack. If you use dictionary words, be sure to throw random symbols and numbers in the mix as well.
However, simply using dictionary words is also insecure as it opens you up to a dictionary attack. If you use dictionary words, be sure to include random symbols and numbers in the mix as well.


If you use keyfiles in addition to a password, it is unlikely that your encrypted file can ever be cracked using brute force methods, even 10 years from now when even a 12 character password might be too short.
If you use keyfiles in addition to a password, it is unlikely that your encrypted file can ever be cracked using brute-force methods, even when even a 12 character password might be too short.


Assume that any encrypted files you store online (eg. gmail, Dropbox) will be stored somewhere forever and can never be erased.
Assume that any encrypted files you store online (eg. Gmail, Dropbox) will be stored somewhere forever and can never be erased.


===== Choosing Your Password =====
===== Choosing A Strong Password =====
Make sure you pick at least one character in each group:<br />
Make sure you pick at least one character in each group:<br />


Line 208: Line 220:
   Symbol: `~!@#$%^&*()-_=+\|[{]};:'",<.>/? (space)
   Symbol: `~!@#$%^&*()-_=+\|[{]};:'",<.>/? (space)


   >9 char = unsuitable for use
   <9 char = unsuitable for use
   09 char = insecure
   09 char = insecure
   10 char = low security
   10 char = low security
Line 215: Line 227:
   13 char = very good, enough for anything.
   13 char = very good, enough for anything.


==== Storage of Archive ====
You might want to read [http://security.stackexchange.com/questions/662/what-is-your-way-to-create-good-passwords-that-can-actually-be-remembered What is your way to create good passwords that can actually be remembered?] and [http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase XKCD #936: Short complex password, or long dictionary passphrase?]
One of the most simple methods for storing a appropriately '''encrypted''' archive of your wallet.dat file is to send the archive as an email attachment to your own e-mail address. Services like gmail.com use very comprehensive distributed networks that make the loss of data very unlikely.  One can even obfuscate the name of the files within the archive, and name the archive something less inviting, such as: 'personal notes' or 'car insurance'.


Another solution is to use a file storage service like [http://www.wuala.com/bitcoin Wuala] ( encrypted, [http://www.bitcoin.org/smf/index.php?topic=5817.0 instructions]), [http://www.dropbox.com Dropbox] and [http://en.wikipedia.org/wiki/Comparison_of_online_backup_services others], including the more secure [http://www.spideroak.com SpiderOak].
== Backing up your wallet ==


=== Linux solution ===
Backing up your wallet is not necessary if you use a wallet with implemented [[BIP 0032]] (hierarchical deterministic wallet). Today, only [[TREZOR]], [[Electrum]] and [[CarbonWallet]] fully support BIP 0032.


Linux users can setup backups using cron by telling it to run a backup script at set intervals of time. Run 'crontab -e' and add this line near the bottom:
For advise on the backup process see [[Backing up your wallet]].


01 */1 * * * /usr/local/bin/backupwallet.sh
==Erasing Plain-text Wallets==


This cron line will run the /usr/local/bin/backupwallet.sh script at the 01 minute of every hour. Remember to add a newline after the last line of the crontab file, or else the last line won't run. You may also wish to ignore the script's output by appending " > /dev/null 2>&1" to the line (this will also prevent emails from being sent).
In most operating systems, including Windows, Linux, and Mac OS X, simply deleting a wallet.dat file will ''not'' generally destroy it. It is likely that advanced tools can still be used to recover the wallet.dat file, even after it has been deleted.


Create /usr/local/bin/backupwallet.sh:
The Linux '''shred''' command can be used to overwrite the wallet file with random data prior to deleting; this particular copy of the file will then be practically impossible to recover.  Using shred (and similar tools on Windows) however does not guarantee that still other copies don't exist somewhere hidden on your HD. That will depend on your system configuration and what packages you have installed. Some system restore and backup tools, for instance, create periodic snapshots of your  filesystem, duplicating your wallet.dat.


#!/bin/bash
In Mac OS, the equivalent of '''shred''' is '''srm''' (introduced in Leopard). Using the Finder to remove files, clicking "Secure Empty Trash" in the Finder menu will shred the contents of the trash can. As with any OS this doesn't guarantee that there are not other copies elsewhere on your system.
# /usr/local/bin/backupwallet.sh
#
# Performs backup of bitcoin wallet.
#
# Written by: https://en.bitcoin.it/wiki/Securing_your_wallet
#
# Standard Options
#
TS=$(date "+%Y%m%d-%H%M")
WALLET=/tmp/wallet-${TS}
WALLET_E=/tmp/wallet-${TS}.crypt
BITCOIN=bitcoind  # /path/to/bitcoind
GPG=gpg  # /path/to/gpg
GPG_USER=username  # Username of gpg recipient. User should have gpg setup.
RM=rm
RM_OPTS='--force'
USE_SHRED=0  # Flip to 1 to use `shred` instead of `rm`.
SHRED=shred
SHRED_OPTS='--force --iterations=9 --zero --remove'
#
# Storage Options
# Only 1 set of options should be un-commented (the last one will be used).
# Update CP_DEST paths as neccessary.
#
# CP - Storage on a local machine. Could be Dropbox/Wuala folder.
#CP=cp
#CP_DEST='/var/data/backups/' # '~/Dropbox/', etc.
#
# SSH - Storage on a remote machine.
CP=scp
CP_DEST='remoteuser@example.com:~/wallets/'
#
# S3 - Storage on Amazon's S3. Be sure s3cmd is installed and properly setup.
# You may need "s3cmd put --force" if you use a sub-directory in CP_DEST.
#CP=s3cmd put
#CP_DEST='s3://bucket'
do_clean() {
  # Remove temporary wallets.
  if [ 1 -eq $USE_SHRED ]; then
    $SHRED $SHRED_OPTS $WALLET $WALLET_E
  else
    $RM $RM_OPTS $WALLET $WALLET_E
  fi
}
do_fail() {
  do_clean
  echo failed!
  exit 1
}
# Perform the backup.
echo -n Making backup...
$BITCOIN backupwallet $WALLET
[ ! -s "$WALLET" ] && do_fail  # If the backup does not exist or is empty, fail.
echo done.
echo -n Encrypting backup...
$GPG -r $GPG_USER --output $WALLET_E --encrypt $WALLET
[ 0 -ne $? ] && do_fail  # If gpg returns a non-zero result, fail.
echo done.
echo -n Copying to backup location...
$CP $WALLET_E "$CP_DEST"
[ 0 -ne $? ] && do_fail  # If the $CP command returns a non-zero result, fail.
echo done.
do_clean
exit 0


The shell script:
For Windows, the built-in command ''cipher /W'' will shred all previously-deleted files. [http://www.cylog.org/utilities/cybershredder.jsp CyberShredder] can securely deleted individual files.


* Calls bitcoind backupwallet to create a time/date-stamped wallet.
==Online and Mobile Wallets==
* GPG encrypts the wallet with your public key.
* Copies the result using one of several storage options (cp, scp, and s3cmd).
* Uses the rm or shred command to remove the temporary wallet files.


Be sure to modify the script options to fit your setup. After you save, make sure the file can be executed properly by the cron user. Common permissions for files in /usr/local/bin/ can be applied using (verify with your distribution!):
Thus far, this article has been discussing the security of a wallet file for Bitcoin-Qt or bitcoind that is under your sole control.


cd /usr/local/bin/ && chown root:root backupwallet.sh && chmod 755 backupwallet.sh


[[Category:Technical]]
Online wallets have a number of pros and cons to consider. For example, you can access your wallet on any computer in the world, but you are essentially storing your private keys or wallet with the provider of the online wallet.
Depending on the level of security of such service, your bitcoins may be lost if the service is compromised.


==Restore==
The invention of [[hardware wallet]]s makes it possible to use online wallets in a more secure manner.
A hardware wallet keeps your private keys apart from the computer and internet. An online wallet compatible with a hardware wallet (such as [http://mytrezor.com myTREZOR.com]) then does not need to store any sensitive data (private keys, passwords or email addresses) and only serves as tool for broadcasting transactions signed in the hardware wallet out to the blockchain.


Assuming your backup is recent enough that you haven't used up all of your key pool... restoring a wallet to a new (or old) location and rescanning the block chain should leave you with all your coins. Just follow these steps:
* Quit bitcoin(d).
* Copy your backed up wallet.dat into your bitcoin profile directory.
* If copying into existing profile, delete file ''blkindex.dat'' and ''blk0001.dat'' to make the client re-scan the block chain.


And you'll be good as new.
Mobile wallet applications are available for Android devices that allow you to send bitcoins by QR code or NFC, but this opens up the possibility of loss if mobile device is compromised. It may be possible to encrypt and backup the wallet or private keys on a mobile device but it is not advisable to store a large amount of bitcoins there without doing your own research and testing. Mobile wallets are useful for small spending and not for storing your bitcoin savings.
 
==Erasing Plain Text Wallets==
 
A good practice is to keep at least two wallets, one as a "current account" for everyday transactions and one as a "savings account" where you store the majority of your Bitcoins. 
 
The "savings account" wallet should be backed up in encrypted form only and all plaintext copies of this wallet should be erased. In case someone gains unauthorised access to your computer (either by physically stealing it or by exploiting a system vulnerability via the internet), they will only be able to spend the coins in your "current account" wallet.
 
In most operating systems, including Windows, Linux, and Mac OS X, simply deleting a wallet.dat file will ''not'' generally destroy it. It is likely that advanced tools can still be used to recover the wallet.dat file, even after it has been deleted.
 
The Linux '''shred''' command can be used to overwrite the wallet file with random data prior to deleting; this particular copy of the file will then be practically impossible to recover.  Using shred (and similar tools on Windows) however does not guarantee that still other copies don't exist somewhere hidden on your HD. That will depend on your system configuration and what packages you have installed. Some system restore and backup tools, for instance, create periodic snapshots of your  filesystem, duplicating your wallet.dat.
 
In Mac OS, the equivalent of '''shred''' is '''srm''' (introduced in Leopard). Using the Finder to remove files, clicking "Secure Empty Trash" in the Finder menu will shred the contents of the trash can. As with any OS this doesn't guarantee that there are not other copies elsewhere on your system.
 
For Windows, the built-in command ''cipher /W'' will shred all previously-deleted files. [http://www.cylog.org/utilities/cybershredder.jsp CyberShredder] can securely deleted individual files.
 
==eWallet==
 
Storing bitcoins with an [[eWallet]] provider incurs risks as well. Basically you grant the third party, in this case eWallet, full access to your wallet. These eWallets, or Electronic Wallets have a number of pros and cons. For example, you can access your wallet on any computer in the world, but the wallet can be forged or hacked and your bitcoins could be lost. You can also get eWallet applications for your Android phone, which also download the block chain like the normal client but allow the user to send bitcoins by QR code or NFC. The problem with this is that Bitcoins can be intercepted through means of mobile hacking.


==See Also==
==See Also==


* [[How to set up a secure offline savings wallet]]
* [[Cold storage]]
* [[Data directory]]
* [[Data directory]]
* [http://maxtaco.github.io/bitcoin/2014/01/16/how-jason-bourne-stores-his-bitcoin/ How Jason Bourne stores his Bitcoin]
* [http://startbitcoin.com/how-to-create-a-secure-bitcoin-wallet/ Secure Bitcoin Wallet Tutorial]
* [http://startbitcoin.com/how-to-create-a-secure-bitcoin-wallet/ Secure Bitcoin Wallet Tutorial]
* [[How to set up a secure offline savings wallet]]
* [http://arimaa.com/bitcoin/ Bitcoin Gateway - A Peer-to-peer Bitcoin Vault and Payment Network]
* [http://arimaa.com/bitcoin/ Bitcoin Gateway - A Peer-to-peer Bitcoin Vault and Payment Network]
* [https://docs.google.com/document/d/1dNZ7N_lQXHQp0jWkeN7dW4bWNMpcTBRM4iEoSuQwLho/edit# The Ultimate Guide to Web Wallet Security]
[[Category:Security]]


[[de:Sichere deine Geldbörse]]
[[de:Sichere deine Geldbörse]]
[[ru:Bitcoin и безопасность]]
[[es:Cómo asegurar su monedero]]
[[zh-cn:保护你的钱包]]
[[zh-cn:保护你的钱包]]

Latest revision as of 22:09, 17 June 2020

Redirect to:

It has been suggested that this article is merged with Ways_to_store_Bitcoins.


Introduction

Wallet security can be broken down into two independent goals:

  1. Protecting your wallet against loss.
  2. Protecting your wallet against theft.

In the case that your current wallet hasn't been protected adequately (e.g. put online with a weaker password):

  1. Making a new secure wallet, using appropriate long-term protection.

For a brief overview see also: Wallet Security Dos and Don'ts

Cold wallets

A cold wallet generates and stores private wallet keys offline on a clean air-gapped computer. Unsigned transactions are generated online, transferred offline for verification and signing, and the signed transaction is transferred online to be transmitted to the Bitcoin network.

This allows funds to be managed offline in Cold storage. Used correctly a cold wallet is protected against online threats, such as viruses and hackers. Cold wallets are similar to hardware wallets, except that a general purpose computing device is used instead of a special purpose peripheral.

Hardware wallets

Main page: Hardware wallet

Hardware wallets are special purpose security hardened devices for storing Bitcoins on a peripheral that is trusted to generate wallet keys, verify and sign transactions.

A hardware wallet typically holds the private keys in its internal storage and is designed to be malware resistant. The device signs the transactions internally and only transmits the signed transactions to the computer. The separation of the private keys from the vulnerable environment allows the user to spend bitcoins on a compromised computer with reduced risk.

Multisignature wallets

A multisignature wallet is one where multiple private keys are required to move the bitcoins instead of a single key. These private keys can be spread across multiple machines with the assumption that malware and hackers are unlikely to simultaneously infect your laptop, desktop and smartphone. The multisig wallet can be of the m-of-n type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a laptop, smartphone and paper backup; any two of those are required to move the money but the loss of any one does not result in loss of money.

Multisignature wallets have the advantage of being cheaper than hardware wallets since they are implemented in software and can be downloaded for free, as well as being convenient as all keys are online and the wallet user interfaces are typically good. Wallet software Electrum and Armory can create multisig wallets.

Further reading: Multisignature

See also: http://docs.electrum.org/en/latest/multisig.html

Hot wallets: minimizing risks

An Internet connected computer that stores your Bitcoins is often referred to as a "hot wallet". Though there are several things that can be done to lower the threat, hot wallets are unavoidably risky.

Modern operating systems are highly complexity, leading to a large attack surface. They also constantly leak information without the user’s knowledge or consent. It is very hard to ensure your wallet is secure on an Internet connected computer.

For low value wallets, the risk may be acceptable but it is recommended not to keep more in a hot wallet than you can afford to lose. For sums beyond that use one of the more secure methods above (e.g.,.

To minimize risk, take care that the system is free of malware, viruses, keyloggers, remote access tools, and other tools that may be used to make remote copies of your wallet, Bitcoin-related passwords, or Bitcoin private keys. When your computer is compromised, the precautions taken below may provide additional protection.

Securing the Bitcoin-Qt or bitcoind wallet

Bitcoin transactions send Bitcoins to a specific public key. A Bitcoin address is an encoded hash of a public key. In order to use received Bitcoins, you need to have the private key matching the public key you received with. This is sort of like a super long password associated with an account (the account is the public key). Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever.

The wallet contains a pool of queued keys. By default there are 100 keys in the key pool. The size of the pool is configurable using the "-keypool" command line argument. When you need an address for whatever reason (send, “new address”, generation, etc.), the key is not actually generated freshly, but taken from this pool. A brand new address is generated to fill the pool back to 100. So when a backup is first created, it has all of your old keys plus 100 unused keys. After sending a transaction, it has 99 unused keys. After a total of 100 new-key actions, you will start using keys that are not in your backup. Since the backup does not have the private keys necessary for authorizing spends of these coins, restoring from the old backup will cause you to lose Bitcoins.

Creating a new address generates a new pair of public and private keys, which are added to your wallet. Each keypair is mostly random numbers, so they cannot be known prior to generation. If you backup your wallet and then create more than 100 new addresses, the keypair associated with the newest addresses will not be in the old wallet because the new keypairs are only known after creating them. Any coins received at these addresses will be lost if you restore from the backup.

The situation is made somewhat more confusing because the receiving addresses shown in the UI are not the only keys in your wallet. Each Bitcoin generation is given a new public key, and, more importantly, each sent transaction also sends some number of Bitcoins back to yourself at a new key. When sending Bitcoins to anyone, you generate a new keypair for yourself and simultaneously send Bitcoins to your new public key and the actual recipient's public key. This is an anonymity feature – it makes tracking Bitcoin transactions much more difficult.

So if you create a backup, and then do more than 100 things that cause a new key to be used, and then restore from the backup, some Bitcoins will be lost. Bitcoin has not deleted any keys (keys are never deleted) – it has created a new key that is not in your old backup and then sent Bitcoins to it. A backup is therefore recommended roughly every 50 transactions (or address creations) just to be safe.

Importance of security updates

No software is perfect, and from time to time there may be security vulnerabilities found in your Bitcoin client as well. Be sure you keep your client updated with the latest bug fixes, especially when a new vulnerability is discovered. We maintain a list a known vulnerabilities on this wiki - you can watch that page to get updates. Note that you don't need to be running the latest major client version: some clients, including the popular Bitcoin-Qt, have older versions available with bugfix-only updates.

Making a new Bitcoin-Qt or bitcoind wallet

If a wallet or an encrypted wallet's password has been compromised, it is wise to create a new wallet and transfer the full balance of bitcoins to addresses contained only in the newly created wallet. Examples of ways a wallet may be compromised are through password re-use, minimal strength passwords, computer hack or virus attack.

There are a number of ways to create a new wallet with Bitcoin-Qt or bitcoind but this is a process that has been tested with bitcoind 0.6.3. We use the copy command to minimize the chance of any data loss but you are warned to make backups of any wallet.dat that holds a balance for you.

1. Shut down the Bitcoin program.
2. Find and make a backup of the "compromised" wallet.dat file and rename it, perhaps adding a short description:
wallet.dat -> wallet-compromised.dat
Depending on your OS, the wallet file will be located at:
Windows: %APPDATA%\Bitcoin\
Linux: ~/.bitcoin/
Mac: ~/Library/Application Support/Bitcoin/
3. Start the Bitcoin program and it will create a new wallet.dat. You may then encrypt the wallet as desired and make a new backup.
4. Once you've made a new wallet, you can obtain one or more addresses and copy them into a text editor. After obtaining the new address(es), shut down the Bitcoin program, make a backup of the new wallet.dat file and copy it to a new file named wallet-new.dat.
5. Copy the wallet-compromised.dat file back to wallet.dat, start the Bitcoin program and transfer your balance to the new address(es) you put in your text editor. Once the balance is back to 0 for your compromised wallet, you may want to wait a couple minutes or for a confirmation or check block explorer to be sure the transactions have been broadcasted. Then you may shut down the Bitcoin program.
6. Rename wallet.dat to wallet-compromised.dat.
7. Rename wallet-new.dat to wallet.dat.

You should now have a new wallet with all the bitcoins from the old wallet.

Debian-based Linux

Store all into an encrypted folder (Tomb)

Tomb is a simple tool to manage encrypted storage on GNU/Linux. Among its features are bind-hooks to set up a tomb's contents in the place where other programs expect them, for example in our case mount -o bind the .bitcoin directory in a user's home.

First install tomb from https://files.dyne.org/tomb (homepage is on http://www.dyne.org/software/tomb)

Among the requirements: zsh, cryptsetup, pinentry-curses, gnupg, sudo.

Recommended: wipe, dcfldd, steghide, qrencode.

Then create a tomb (we name it bitcoin) with three commands:

tomb dig -s 100 bitcoin.tomb

tomb forge bitcoin.tomb.key

tomb lock bitcoin.tomb -k bitcoin.tomb.key

Then open it

tomb open bitcoin.tomb

This will require you to input again the password you selected.

Once open the tomb contents are in /media/bitcoin.tomb

Move there your bitcoin wallet:

mv ~/.bitcoin /media/bitcoin.tomb/my-safe-wallet

Then create a file "/media/bitcoin.tomb/bind-hooks" and put a single line:

my-safe-wallet .bitcoin

Which means that every time the tomb is open, the directory my-safe-wallet needs to be bound to ~/.bitcoin. Just make sure an empty ~/.bitcoin directory exists in your home.

Now close the tomb and store its keys safely, make sure you memorize the password. Have a look at Tomb's documentation, there is a number of things you can do like steganography or printing out keys on a paper to hide and such.

That's it. Every time you like to access your wallet open the tomb and the .bitcoin will be in place. One can also store the bitcoin binary inside the tomb and even start the bitcoin client using the exec-hooks. Tomb's manual page "man tomb" explains the possibilities.

The advantage of this approach over an encrypted home is that it becomes extremely portable across computers and even online shells: a Tomb is just a file and its key can be stored far away, on different shells, usb sticks or mobile phones.

Secure the whole user home directory

The first step is to make a new user. In order for that new user to have an encrypted home directory, you'll first need the encryption utility. Run:

sudo apt-get install ecryptfs-utils

Now you're ready to create a new user

sudo adduser --encrypt-home new_user_name

You'll need to come up with a secure new password for that user.

When you get to the prompt 'Enter the new value, or press ENTER for the default', just keep hitting ENTER.

Then switch user to the new user. To get to the new user you can use the switch user icon for your system, which on Ubuntu is in the 'System/Quit' screen, or if there is no switch icon on your system you can log out and log back in as the new user.

Since the home folder of this user is encrypted, if you're not logged in as that user, data that is saved there can't be browsed, even by a root user. If something goes wrong with your system, and you need to decrypt the new user's files, you'll need its decryption key.

ecryptfs-unwrap-passphrase

It will ask you for your user's password and give you the decryption key. WRITE DOWN OR SAVE THE CODE IT RETURNS because you will need it if you ever have to pull your data off while the OS is not working. (You can run it again later if you need to, but run it now so that you can get your data if your Linux install gets botched.)

The encrypted folder data is not encrypted while it's in memory, and so if it's ever sent to the swap partition it can be stolen from there unless that too is encrypted - be aware that this will mean you cannot use Hibernate anymore, as the bootloader won't be able to restore the hibernation data.

ecryptfs-setup-swap

Then click on a folder in the new user to display the file browser, then keep going up folders until you see the new user home directory, then right click to bring up the Properties dialog, then click on the Permissions tab, then in the Others section, set the folder access to None.

For secure browsing, open Firefox, and then go into the Edit menu and click Preferences. Starting from the left, click on the General tab, and in the 'Startup/When Firefox starts' pop up menu, choose 'Show a Blank Page'. Then click on the Content tab, and deselect 'Load images automatically' and deselect 'Enable JavaScript'. Then click on the Privacy tab, and in the 'History/Firefox will' pop up menu, choose 'Never remember history'. Then click on the Security tab, and in the Passwords section, deselect 'Remember passwords for sites' and deselect 'Use a master password'. Then click on the Advanced tab, then click on the Update tab, and then in the 'Automatically check for updates to' section, deselect 'Add-ons' and 'Search Engines'.

When JavaScript is disabled, the Linux download page will not download automatically, so you'll have to click on the 'direct link' part of the "Problems with the download? Please use this 'direct link' or try another mirror." line.

Mac

This solution does not scale; the amount of needed space can grow beyond the image size.

Windows

Due to the frequency with which Windows computers are compromised, it is advised to encrypt your wallet or to keep your wallet on an encrypted disk image created by third-party software, such as TrueCrypt (open source) or Jetico BestCrypt (commercial). This also applies to the storage of passwords, private keys and other data that can be used to access any of your Bitcoin balances.

Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.

To mount the Bitcoin data directory on an encrypted drive

  1. Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 5GB in size. This procedure stores the entire block chain database with the wallet.dat file so the required size of the encrypted disk image required may grow in the future.
  2. Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.

    For help finding this directory, see Locating Bitcoin's Data Directory.

  3. Create a Windows shortcut that starts Bitcoin with the -datadir parameter and specifies the encrypted drive and directory.

    For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as E:\, and stored your Bitcoin data directory on it as Bitcoin, you would type the following command as the shortcut Target:

    C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin

  4. Open Bitcoin's settings and configure it NOT to start automatically when you start Windows.

    This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.

  5. Shut down Bitcoin, and then restart it from the new shortcut.

After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created, so that it can find its data and your wallet.


General Solutions

Your wallet.dat file is not encrypted by the Bitcoin program by default but the most current release of the Bitcoin client provides a method to encrypt with a passphrase the private keys stored in the wallet. Anyone who can access an unencrypted wallet can easily steal all of your coins. Use one of these encryption programs if there is any chance someone might gain access to your wallet.

  • 7-zip - Supports strongly-encrypted archives.
  • AxCrypt by Axantum
  • lrzip - Compression software for Linux and OSX that supports very high grade password protected encryption
  • TrueCrypt - Volume-based on-the-fly encryption (for advanced users)

There is also a list of open source encryption software.

Decrypting and encrypting the wallet.dat every time you start or quit the Bitcoin client can be tedious (and outright error-prone). If you want to keep your wallet encrypted (except while you're actually running the Bitcoin client), it's better to relegate the automation to a small shell script that handles the en/decryption and starting up Bitcoin client for you (Linux and OSX).

There is also a method to print out and encrypt your wallet.dat as a special, scannable code. See details here: WalletPaperbackup

Password Strength

Brute-force password cracking has come a long way. A password including capitals, numbers, and special characters with a length of 8 characters can be trivially solved now (using appropriate hardware). The recommended length is at least 12 characters long. You can also use a multi-word password and there are techniques to increase the strength of your passwords without sacrificing usability. The Usability of Passwords

However, simply using dictionary words is also insecure as it opens you up to a dictionary attack. If you use dictionary words, be sure to include random symbols and numbers in the mix as well.

If you use keyfiles in addition to a password, it is unlikely that your encrypted file can ever be cracked using brute-force methods, even when even a 12 character password might be too short.

Assume that any encrypted files you store online (eg. Gmail, Dropbox) will be stored somewhere forever and can never be erased.

Choosing A Strong Password

Make sure you pick at least one character in each group:

 Lowercase: abcdefghijklmnopqrstuvwxyz
 Uppercase: ABCDEFGHIJKLMNOPQRSTUVWXYZ
 Number: 1234567890
 Symbol: `~!@#$%^&*()-_=+\|[{]};:'",<.>/? (space)
 <9 char = unsuitable for use
 09 char = insecure
 10 char = low security
 11 char = medium security
 12 char = good security (good enough for your wallet)
 13 char = very good, enough for anything.

You might want to read What is your way to create good passwords that can actually be remembered? and XKCD #936: Short complex password, or long dictionary passphrase?

Backing up your wallet

Backing up your wallet is not necessary if you use a wallet with implemented BIP 0032 (hierarchical deterministic wallet). Today, only TREZOR, Electrum and CarbonWallet fully support BIP 0032.

For advise on the backup process see Backing up your wallet.

Erasing Plain-text Wallets

In most operating systems, including Windows, Linux, and Mac OS X, simply deleting a wallet.dat file will not generally destroy it. It is likely that advanced tools can still be used to recover the wallet.dat file, even after it has been deleted.

The Linux shred command can be used to overwrite the wallet file with random data prior to deleting; this particular copy of the file will then be practically impossible to recover. Using shred (and similar tools on Windows) however does not guarantee that still other copies don't exist somewhere hidden on your HD. That will depend on your system configuration and what packages you have installed. Some system restore and backup tools, for instance, create periodic snapshots of your filesystem, duplicating your wallet.dat.

In Mac OS, the equivalent of shred is srm (introduced in Leopard). Using the Finder to remove files, clicking "Secure Empty Trash" in the Finder menu will shred the contents of the trash can. As with any OS this doesn't guarantee that there are not other copies elsewhere on your system.

For Windows, the built-in command cipher /W will shred all previously-deleted files. CyberShredder can securely deleted individual files.

Online and Mobile Wallets

Thus far, this article has been discussing the security of a wallet file for Bitcoin-Qt or bitcoind that is under your sole control.


Online wallets have a number of pros and cons to consider. For example, you can access your wallet on any computer in the world, but you are essentially storing your private keys or wallet with the provider of the online wallet. Depending on the level of security of such service, your bitcoins may be lost if the service is compromised.

The invention of hardware wallets makes it possible to use online wallets in a more secure manner. A hardware wallet keeps your private keys apart from the computer and internet. An online wallet compatible with a hardware wallet (such as myTREZOR.com) then does not need to store any sensitive data (private keys, passwords or email addresses) and only serves as tool for broadcasting transactions signed in the hardware wallet out to the blockchain.


Mobile wallet applications are available for Android devices that allow you to send bitcoins by QR code or NFC, but this opens up the possibility of loss if mobile device is compromised. It may be possible to encrypt and backup the wallet or private keys on a mobile device but it is not advisable to store a large amount of bitcoins there without doing your own research and testing. Mobile wallets are useful for small spending and not for storing your bitcoin savings.

See Also